Temporary files generated by the endpoint agent software

Updated 3 years ago by admin

For the purposes of anti-malware detection, file type detection, unpacking or other content filtering (known as the scanners), the endpoint agents will use a caching strategy based on configuration settings. Caching is used by scanners that are operating on the HTTP response body.

The Maximum Scan Size and Scan Small Files In Memory options will determine when content will be written to disk by the enabled scanners. The scanners will not attempt to scan files that are greater in size than the Maximum Scan Size setting (in megabytes). If Scan Small Files In Memory is enabled for all scanners that support it, then files will only be written to disk if they exceed 100Mb in size and are less than the maximum scan size setting.

It is not always possible to determine the file size, for example if the content is streamed or uses chunked encoding. In this case, the agent will stream data until Maximum Scan Size or until the stream ends.

The folder /plugins_data/response_storage is used to cache the files on disk if the scanner is not able to use Scan Small Files In Memory and the Maximum Scan Size has not been reached.

The file is removed from disk as soon as processing has completed.

It is possible that some endpoint anti-malware software will detect the presence of the cached file as a threat. You may wish to consider adding the response_storage folder as a path exclusion.

How did we do?